2023-02-07 Security Subcommittee Meeting Notes
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 7th of February 2023.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
TSC meeting (2nd February) | TSC agrees in principle to form a special squad or task force to manage changes to projects that lack a PTL. Participants and details to be determined. Chaker is leading a meeting at the Archcom later today. | |||
PTL meeting (6th February) | Review of Release Management tasks – continued | |||
Unmaintained projects update | Jira tickets were issued for repos (34!) where no changes were made in the last 12 months. Feedback from 2 projects, one of them AAI and Sparky related one. Projects under OOM removal and removed from the official architecture Wiki page (List from Byung): • AAF • CLAMP (still shown as a subcomponent) List from Amy:
| |||
Logging security discussion | Problem of multitenancy and . SDC does tenant isolation by adding a tenant attribute in logging. Focus on node-level logging. The namespace is treated as an object that would get privileges. We treat multitenancy in the sense of ONAP running as a Service. | |||
CPS Security review questionnaire by Tony | CPS provided their feedback. | ongoing | We should now review the answers and provide comments by February 21st, and the CPS team could be invited to SECCOM on February 28th. | |
Adoption of security practices | TAC meeting will be addressing it on Wednesday.
LF IT is the entity that should implement SBOM tool insertion for all LF projects. | NTIA recommendation on integrity protections on SBOMs to be reviewed by Amy | ||
NIST has also just joined the O-RAN Alliance. | https://www.nist.gov/news-events/news/2023/01/nist-joins-alliance-promote-open-wireless-technologies-and-supply-chains | |||
SECCOM MEETING CALL WILL BE HELD ON 21st February 2023. | CPS Security questionnaire review by SECCOM. |
Recordings:
SECCOM presentation:
2023-02-07 ONAP Security Meeting - AgendaAndMinutes.pptx